1

ETHICAL HACKING
S.sathish rajan

Abstract the only system which is safe is the one that is switched off.Hacking have taken a frontseat in computer revolution.My paper is on few hacking methods explained in detail with practical explanation on hackers methodology.
Index Terms Phising Method, Brute Force Hack, NetBios hack, Cookie Steal Hack,Key Logger.

often uses different techniques for breaking into systems which can involve advanced programming skills and social engineering. Grey Hat Hacker- They are Skilled Hacker who sometimes act legally and sometime not. In simple word you may call a Grey Hat hacker as Hybrid between White Hat and Black Hat hacker

Hacking Methods!
Phising Method- Phising is the method that you are familiar with. You create a Fake Account and ID in yahoo and fool your friends by telling them to send the victim's ID, their own ID and their own Password in your Fake Yahoo Account. Brute Force Hack- Brute Force Hack is a Hacking which takes much time to get Password of the Victim and it needs a Hacker to learn about JavaScripts and all the non-sense. Cookie Steal Hack- Cookie Steal Hack is somewhat similar to Fake Login Hack as you prepare a Cookie Stealer and tell your friends to open your Cookie so that his Password would come to you.

I. INTRODUCTION
"Hacking" is the word that shakes everyone whenever it is said or heard by someone. Everyone born in this world with attitude wants to be a Hacker. But it is not a job of a new born baby or an old grown lady. A Hacker needs a brilliant mind to hack anything. His skills should be so powerful that no other hacker can hack him. A Hacker doesn't need a software to hack. There are many rules that he should learn to become an Ethical Hacker. These rules include knowledge of HTML, JavaScripts, Computer Tricks, Cracking & Breaking .

Types of Hackers!
White Hat Hacker- Also referred as Ethical Hacker or sometimes called as Sneakers. A White Hat Hacker mainly focuses on securing corporate Network from outsider threat. They are with good intention who fight against Black Hat. Black Hat Hacker- Also referred as Cracker. A Black Hat Hacker's intention is to break into others Network, and wish to secure his own machine. They

NETBIOS- NETWORK BASIC INPUT OUTPUT SYSTEM IS

MAINLY USED FOR SHARING DRIVES AND DEVICES IN

LAN/WAN.TARGET MACHINE SHOULD HAVE FILE AND PRINTER SHARING ENABLED AND HAVE PORT 139 OPEN CHECKS FOR ALIVE HOSTS, AND HACK THE DEVICES AND DRIVERS.

PHISHING

Phising represents the act of creating fake pages of popular social web sites (YouTube, Facebook, MySpace, Windows Live Messenger), auction sites (eBay), online banks (Wells Fargo, Bank of America, Chase), online payment processors (PayPal), or IT Administrators (Yahoo, ISPs, corporate),or any mail sites like GMAIL,YAHOOMAIL indeed everything. For example, we can see a fake page of a famous social networking site ORKUT in the below figure.. It looks like an original orkut login page but it is fake pages so that when ever we type in our details and click on submit we do not get logged into orkut but actually give away our account details. Let us see how this page is created. First the login page of orkut is saved onto out local system. If we view the page source and search for a word action it appears like this.. So whenever we click submit the url https://www.google.com/accounts/ServiceLoginAut h?service=orkut is called so instead of that we can create another file and do our own action. So for that we create a file with the following code. This is saved as login.php.Whenever this file is called the username and password are stored in a file called victim.php. To call the login.php file in the place of https://www.google.com/accounts/ServiceLoginAut h?service=orkut We write login.php so that login.php is called. Now the source code of the fake login page appears as:

KEY LOGGERKeystrokes to an encrypted file which can then be read later. Based on the order of the keystrokes, it is usually easy to identify the password(s) from the file later. Like the Trojan, this also requires that someone actually type the password. Keyloggers come in two types: hardware and software. A hardware keylogger can be fitted between the keyboard cable and the computer and can be activated with a few keystrokes. It is then left in place until after the password that you are looking to recover is typed. Later it is removed and the file of keystrokes is examined for the password. A hardware keylogger is undectable by anti-virus software. A software keylogger is installed on a system and effectively has the same function, however, it is a little bit more complex to use since it must be installed to run stealthily to be effective. A keylogger could be used to steal a password from someone who is using an office computer or sharing a computer. It is possible that installing and using such a device or piece of software could be illegal depending upon whether the target has a presumption of privacy when using the computer on which the keylogger is installed.

NetBIOSNetBIOS stands for Network Basic Input Output System. It allows your LAN or WAN to share drives, folders, files and printers. Gaining access to a computer through NetBIOS is very simple and easy. The only thing required is for the target machine to have file and printer sharing enabled and to have port 139 open. Below I will show you an

The files are hosted and whenever a user thinking it to be orkut login page submits his username and password, they are stored in a file called victim.html.

PREVENTION:
So prevent such attacks it is sufficient if we just see the source code and find the word action and see the task related to it.

example of what a hacker would do to gain access to a Windows machine through NetBIOS. Now the hacker would run the nbtstat a TargetIPaddress this will tell us if the target has file and printing enabled. Without it, this attack is not possible.

Next the hacker would run the command net view \\TargetIPaddress. This command will display any shared drives, folders, files or printers. If nothing comes up, you wont be able to gain access to anything since there is nothing being shared . To map out my drive onto his computer the hacker would use the command net use G: \\TargetIPaddress\DriveName. So in my case I would run the command net use G:\\192.168.1.101\SharedDocs. You can use any letter in place of G:\\. This just tells the computer what to name the drive on your computer.

Hacking is now a issue that does not have any conclusion.The only way we can stop an hacker is by learning hacking.By learning we can read the minds of a hacker which enables us to know the reality.Hacking is not a crime but it is made a crime by mis using the knowledge of programming. Every hacker is a perfect programmer even more than a normal programmer. Everyone should know the ethics of hacking and follow them.

REFERENCES
.

The hackers underground handbook and various internet resources.

Countermeasures
There are a couple things you can do to prevent NetBIOS and Ophcrack password cracking attacks. 1. To keep computer from being a target of NetBIOS attacks, simply disable file and printer sharing. In Windows Vista, it is disabled by default but you must do a little work in Windows XP. Go to Start -> Control Panel -> Network Connections. Double click on your active connection. In my case it is the Wireless Network Connection 2. Click on Properties. If File and Printer Sharing is selected, deselect it and click OK.

CONCLUSION